|
Security Basics
mailing list archives
Re: Basic Network Configuration
From: ". ." <miklohnews () hotmail com>
Date: Wed, 15 Oct 2003 17:43:33 +1000
into the dmz goes, as u said, servers that need be accessed from outside
your organization. any server that will be accessed by your organization
only, should reside on your LAN.
mike
From: "Smith, KC" <ksmith () systemsalliance com>
To: <security-basics () securityfocus com>
Subject: Basic Network Configuration
Date: Tue, 14 Oct 2003 12:40:12 -0400
All,
Okay I know this is truly a basic question, but this is after all the
"security-BASICS" list!
Most LAN configs I've seen include two, separate pieces of hardware to
define the DMZ. A firewall on the outside and another firewall or policy
switch on the inside is usually how I've seen that handled.
My new company uses 3 separate NICs in the same firewall. One for inbound,
one for the LAN and one for the DMZ. Each has it's own address block.
It seems like using the firewall to do this makes sense, but I'd appreciate
some external confirmation on that.
The second issue is this: is there a rule of thumb to determine what should
and should not go in the DMZ vs. the LAN? It seems to me that anything
that requires access from outside the network (Ex. DNS servers, Mail
servers, demo servers, etc.) should go in the DMZ. True?
Thanks in advance.
KC Smith
---------------------------------------------------------------------------
----------------------------------------------------------------------------
_________________________________________________________________
E-mail just got a whole lot better. New ninemsn Premium. Click here
http://ninemsn.com.au/premium/landing.asp
---------------------------------------------------------------------------
----------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- Ports used by VTAM, (continued)
|
Intro
